Create and build Power BI reports using Windows Defender ATP data

Applies to:

Windows 10 Enterprise

Windows 10 Education

Windows 10 Pro

Windows 10 Pro Education

Windows Defender Advanced Threat Protection (Windows Defender ATP)

Important

Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.

Understand the security status of your organization, including the status of machines, alerts, and investigations using the Windows Defender ATP reporting feature that integrates with Power BI.

Windows Defender ATP supports the use of Power BI data connectors to enable you to connect and access Windows Defender ATP data using Microsoft Graph.

Data connectors integrate seamlessly in Power BI, and make it easy for power users to query, shape and combine data to build reports and dashboards that meet the needs of your organization.

You can easily get started by:

Creating a dashboard on the Power BI service

Building a custom dashboard on Power BI Desktop and tweaking it to fit the visual analytics and reporting requirements of your organization

You can access these options from the Windows Defender ATP portal. Both the Power BI service and Power BI Desktop are supported.

Create a Windows Defender ATP dashboard on Power BI service

Windows Defender ATP makes it easy to create a Power BI dashboard by providing an option straight from the portal.

In the navigation pane, select Preferences setup > Power BI reports.

Click Create dashboard. This opens up a new tab in your browser and loads the Power BI service with data from your organization.

Note

Loading your data in the Power BI service can take a few minutes.

If this is the first time you’re using Power BI with Windows Defender ATP, you’ll need to sign in and give consent to the Windows Defender ATP Power BI app. By providing consent, you’re allowing Windows Defender ATP Power BI to sign in and read your profile, and access your data.

Create a new directory Microsoft Power BI Desktop\Custom Connectors under the user's Documents folder.

Copy WDATPDataConnector.mez from the zip to the directory you just created.

Open Power BI Desktop.

Click File > Options and settings > Custom data connectors.

Select New table and matrix visuals and Custom data connectors and click OK.

Note

If you are using Power BI Desktop July 2017 version (or later), you won't need to select New table and matrix visuals. You'll only need to select Custom data connectors.

Restart Power BI Desktop.

Customize the Windows Defender ATP Power BI dashboard

After completing the steps in the Before you begin section, you can proceed with building your custom dashboard.

Open WDATPPowerBI.pbit from the zip with Power BI Desktop.

If this is the first time you’re using Power BI with Windows Defender ATP, you’ll need to sign in and give consent to the Windows Defender ATP Power BI app. By providing consent, you’re allowing Windows Defender ATP Power BI to sign in and read your profile, and access your data.

Click Accept. Power BI Desktop will start downloading your Windows Defender ATP data from Microsoft Graph. When all data has been downloaded, you can proceed to customize your reports.

Mashup Windows Defender ATP data with other data sources

You can use Power BI Desktop to analyse data from Windows Defender ATP and mash that data up with other data sources to gain a better security perspective in your organization.

In Power BI Desktop, in the Home ribbon, click Get data and search for Windows Defender Advanced Threat Protection.

Click Connect.

On the Preview Connector window, click Continue.

If this is the first time you’re using Power BI with Windows Defender ATP, you’ll need to sign in and give consent to the Windows Defender ATP Power BI app. By providing consent, you’re allowing Windows Defender ATP Power BI to sign in and read your profile, and access your data.

Click Accept. Power BI Desktop will start downloading your Windows Defender ATP data from Microsoft Graph. When all data has been downloaded, you can proceed to customize your reports.

In the Navigator dialog box, select the Windows Defender ATP feeds you'd like to download and use in your reports and click Load. Data will start to be downloaded from the Microsoft Graph.

Load other data sources by clicking the Get data item in the Home ribbon and selecting another data source.
